Security Incidents mailing list archives

CGI Raping a.k.a How to Target a DoS at a single Site.


From: webmaster () TLSECURITY NET (Thierry Zoller)
Date: Wed, 17 May 2000 07:59:26 -0000


Here's what happened:

nph-anon.cgi installed to allow surfers to surf
"anonymously".

Now somebody launched an attack based on multiple calls to
nph-anon.cgi. These calls prompted it to download a JPG
picture.

Over 100,000 calls (from one IP) have been made to
that CGI script. Being an nph script, on every (!) call it
created a socket to connect to the server holding the picture.

Result:
- Ate up 99% of system resources (VHost)
- My ISP blocked my account (403 Forbidden).
- My ISP accuses me of the connections to the server.
- My ISP does NOT believe that somebody made thousands
of connections to that script (they pointed out nph-
anon.cgi as the script eating up the resources),
although the LOG CLEARLY indicates that there have been
remote calls to that script.
- My ISP attacks me (!) by saying
<<<This attack, if it truly is that, is the first in the
history of our company. We have never had a DoS attack that
was specifically targeted at a domain on our servers. We
must ask what you are doing then to create this attack
and we must also ask ourselves, given the previous incident
with your previous domain, if hosting you is something that
is still an option.>>>

Note that I NEVER HAD any problems with them, never did
anything wrong, and in fact I helped them by sending the
latest patches for flaws found to exist in their servers.

So now I am the culprit, right?
(I won't disclose the host here; either way I must admit
that I feel quite furious about them.)

[Help]
- Could anybody point me to some FAQ or help text which
explains how to limit excessive calls to CGI scripts?
- Are there any known server-side programs that exist to
protect against such happenings?
- Please comment on the "We have never had a DoS attack..."
statement.

Regards,
Thierry Zoller
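As an added example (not code from the original post, nor from nph-anon.cgi or any ISP tooling), the script below does the two things a practitioner would want after an incident like the one described: it counts calls to a named CGI script per client IP from Apache common-log lines, which is the evidence the post says the log "clearly" shows, and it replays the same log through a per-IP sliding-window limiter of the kind a CGI wrapper could use to refuse excessive calls. The log lines, IP addresses, script name and thresholds (3 calls per 10 seconds) are constructed for illustration and are assumptions, not data from the post.

```python
"""Added example: per-IP accounting of CGI calls from constructed Apache
common-log lines, plus a sliding-window limiter replayed over the same log.
Nothing here is from the original post; all sample data is constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache "common log" format. The request target (path) is captured as one
# non-space token; the query string is stripped before matching the script.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: one client hammering the anonymizer, one normal visitor,
# and one unparsable line to show the parser skipping garbage.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/May/2000:07:59:20 +0000] "GET /cgi-bin/nph-anon.cgi?url=http://example.net/pic.jpg HTTP/1.0" 200 51234',
    '10.0.0.5 - - [17/May/2000:07:59:20 +0000] "GET /cgi-bin/nph-anon.cgi?url=http://example.net/pic.jpg HTTP/1.0" 200 51234',
    '10.0.0.5 - - [17/May/2000:07:59:21 +0000] "GET /cgi-bin/nph-anon.cgi?url=http://example.net/pic.jpg HTTP/1.0" 200 51234',
    '192.0.2.10 - - [17/May/2000:07:59:22 +0000] "GET /index.html HTTP/1.0" 200 1340',
    '10.0.0.5 - - [17/May/2000:07:59:22 +0000] "GET /cgi-bin/nph-anon.cgi?url=http://example.net/pic.jpg HTTP/1.0" 200 51234',
    '10.0.0.5 - - [17/May/2000:07:59:23 +0000] "GET /cgi-bin/nph-anon.cgi?url=http://example.net/pic.jpg HTTP/1.0" 200 51234',
    '192.0.2.10 - - [17/May/2000:07:59:40 +0000] "GET /cgi-bin/nph-anon.cgi?url=http://example.org/ HTTP/1.0" 200 2200',
    'this line is deliberately not a log record',
]


def parse_line(line):
    """Return (ip, unix_time, path_without_query) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z').timestamp()
    return m['ip'], ts, m['path'].split('?', 1)[0]


def _hits(lines, script):
    """Parsed records whose path ends in /<script>, in timestamp order."""
    recs = [r for r in map(parse_line, lines) if r and r[2].endswith('/' + script)]
    return sorted(recs, key=lambda r: r[1])


def calls_per_ip(lines, script):
    """Count how many times each client IP called the named CGI script."""
    counts = defaultdict(int)
    for ip, _ts, _path in _hits(lines, script):
        counts[ip] += 1
    return dict(counts)


class SlidingWindowLimiter:
    """Allow at most max_calls per client IP within any window_seconds span."""

    def __init__(self, max_calls, window_seconds):
        self.max_calls = max_calls
        self.window = float(window_seconds)
        self.hits = defaultdict(deque)  # ip -> timestamps of accepted calls

    def allow(self, ip, now):
        dq = self.hits[ip]
        while dq and dq[0] <= now - self.window:   # drop calls outside the window
            dq.popleft()
        if len(dq) >= self.max_calls:
            return False                            # refuse, do not record
        dq.append(now)
        return True


def replay(lines, script, max_calls, window_seconds):
    """Replay the log through the limiter; return ip -> (allowed, refused)."""
    limiter = SlidingWindowLimiter(max_calls, window_seconds)
    outcome = defaultdict(lambda: [0, 0])
    for ip, ts, _path in _hits(lines, script):
        outcome[ip][0 if limiter.allow(ip, ts) else 1] += 1
    return {ip: tuple(v) for ip, v in outcome.items()}


if __name__ == '__main__':
    for ip, n in sorted(calls_per_ip(SAMPLE_LOG, 'nph-anon.cgi').items()):
        print(f'{ip:>12}  {n} calls to nph-anon.cgi')
    for ip, (ok, refused) in sorted(replay(SAMPLE_LOG, 'nph-anon.cgi', 3, 10).items()):
        print(f'{ip:>12}  allowed={ok} refused={refused} (limit 3 per 10 s)')
```

The in-memory deque is enough for offline log analysis, but note that every CGI invocation is a fresh process, so a limiter used inside a CGI wrapper must keep its per-IP state somewhere shared (for example a file under an exclusive lock) or the counts reset on every call and nothing is limited.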

